auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
authorStefan Metzmacher <metze@samba.org>
Thu, 7 Jan 2016 13:55:07 +0000 (14:55 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 22 Jul 2016 21:34:22 +0000 (23:34 +0200)
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/auth_sam_reply.c
auth/auth_sam_reply.h
source4/auth/kerberos/kerberos_pac.c

index 1929cd9d848a30d42208ec5cd594c3e551f33496..15d17b0745e6fb052671a9a7bf1af7e03ad25acd 100644 (file)
@@ -506,6 +506,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
  */
 NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
                              const struct PAC_LOGON_INFO *pac_logon_info,
+                             const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
                              struct auth_user_info_dc **_user_info_dc)
 {
        uint32_t i;
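Review bot: The new `pac_upn_dns_info` parameter is optional (the body only uses it under a NULL check), but the doc comment that ends at line 17 above the definition, and the matching one above the prototype in auth/auth_sam_reply.h, are not extended to say so. Add a line such as `/* @param pac_upn_dns_info optional PAC_UPN_DNS_INFO buffer; may be NULL when the PAC carries none, in which case user_principal_name and dns_domain_name are left unset */` to both comments so callers know NULL is a supported value rather than an error. The comment blocks themselves start outside the hunk.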
@@ -574,6 +575,27 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
                        user_info_dc->num_sids++;
                }
        }
+
+       if (pac_upn_dns_info != NULL) {
+               user_info_dc->info->user_principal_name =
+                       talloc_strdup(user_info_dc->info,
+                                     pac_upn_dns_info->upn_name);
+               if (user_info_dc->info->user_principal_name == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               user_info_dc->info->dns_domain_name =
+                       talloc_strdup(user_info_dc->info,
+                                     pac_upn_dns_info->dns_domain_name);
+               if (user_info_dc->info->dns_domain_name == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               if (pac_upn_dns_info->flags & PAC_UPN_DNS_FLAG_CONSTRUCTED) {
+                       user_info_dc->info->user_principal_constructed = true;
+               }
+       }
+
        *_user_info_dc = user_info_dc;
        return NT_STATUS_OK;
 }
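Review bot: `talloc_strdup()` returns NULL when its source string is NULL, so if the pulled `upn_name` or `dns_domain_name` can ever be NULL (a PAC_UPN_DNS_INFO carrying an empty UPN, for instance) the checks following each strdup misreport that as NT_STATUS_NO_MEMORY and reject the logon for the wrong reason. Whether the NDR pull yields NULL or "" for an empty string cannot be determined from this hunk, so it is worth either guarding each copy, `if (pac_upn_dns_info->upn_name != NULL) { ... }`, or noting the assumption in a comment such as `/* upn_name/dns_domain_name are never NULL after ndr_pull; a NULL here is a real allocation failure */`. The body of make_user_info_dc_pac starts before this hunk.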
index 5d86830b32866d53bfdf1e514db7f950451d381d..617fae7ad0e54e4d2e43b0cdf51fb493daca4b86 100644 (file)
@@ -63,6 +63,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
  */
 NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
                              const struct PAC_LOGON_INFO *pac_logon_info,
+                             const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
                              struct auth_user_info_dc **_user_info_dc);
 
 /* The following definitions come from auth/wbc_auth_util.c  */
index 27fb19b6e2fe5d4b7c796bd871e3118c6d9256a5..f511aae7a883f11cb9f17eb13d765dd58867cdc7 100644 (file)
@@ -288,8 +288,12 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
 
        DATA_BLOB pac_logon_info_in, pac_srv_checksum_in, pac_kdc_checksum_in;
        krb5_data k5pac_logon_info_in, k5pac_srv_checksum_in, k5pac_kdc_checksum_in;
+       DATA_BLOB pac_upn_dns_info_in;
+       krb5_data k5pac_upn_dns_info_in;
 
        union PAC_INFO info;
+       union PAC_INFO _upn_dns_info;
+       const struct PAC_UPN_DNS_INFO *upn_dns_info = NULL;
        struct auth_user_info_dc *user_info_dc_out;
 
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@@ -322,9 +326,40 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
                return EINVAL;
        }
 
+       ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_UPN_DNS_INFO,
+                                 &k5pac_upn_dns_info_in);
+       if (ret == ENOENT) {
+               ZERO_STRUCT(k5pac_upn_dns_info_in);
+               ret = 0;
+       }
+       if (ret != 0) {
+               talloc_free(tmp_ctx);
+               return EINVAL;
+       }
+
+       pac_upn_dns_info_in = data_blob_const(k5pac_upn_dns_info_in.data,
+                                             k5pac_upn_dns_info_in.length);
+
+       if (pac_upn_dns_info_in.length != 0) {
+               ndr_err = ndr_pull_union_blob(&pac_upn_dns_info_in, tmp_ctx,
+                                             &_upn_dns_info,
+                                             PAC_TYPE_UPN_DNS_INFO,
+                                             (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+               kerberos_free_data_contents(context, &k5pac_upn_dns_info_in);
+               if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                       nt_status = ndr_map_error2ntstatus(ndr_err);
+                       DEBUG(0,("can't parse the PAC UPN_DNS_INFO: %s\n",
+                                nt_errstr(nt_status)));
+                       talloc_free(tmp_ctx);
+                       return EINVAL;
+               }
+               upn_dns_info = &_upn_dns_info.upn_dns_info;
+       }
+
        /* Pull this right into the normal auth sysstem structures */
        nt_status = make_user_info_dc_pac(mem_ctx,
                                         info.logon_info.info,
+                                        upn_dns_info,
                                         &user_info_dc_out);
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(tmp_ctx);
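Review bot: `kerberos_free_data_contents()` is only reached inside the `pac_upn_dns_info_in.length != 0` branch, so if `krb5_pac_get_buffer()` succeeds with a present but zero-length UPN_DNS_INFO buffer, whatever it allocated into `k5pac_upn_dns_info_in` is never released. Since `data_blob_const()` does not copy and the NDR pull copies into tmp_ctx, the release can simply move after the whole `if` block as an unconditional `kerberos_free_data_contents(context, &k5pac_upn_dns_info_in);`, which is also harmless on the ENOENT path where the struct was zeroed. Separately, the parsed UPN and DNS domain now flow into auth_user_info_dc, so a short comment above the new `krb5_pac_get_buffer()` call stating that this buffer is only trusted because the PAC checksums were verified earlier in this function (that verification is outside the hunk, so please confirm the ordering) would help future readers. The enclosing function starts before this hunk and continues after it.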